As many of you may already know new general data protection regulation laws are coming into place on the 25th May 2018. There is a range of new changes that could affect your business and the way you carry out marketing.
What is the general data protection regulation?
General data protection regulation is Europe’s framework for data protection laws which the UK’s current laws are based on. GDPR laws are put in place to provide individuals with privacy and protection against their personal information.
The new laws will have a significant impact on how businesses and bodies handle personal data. Companies can no longer take personal information from a user unless they have given consent.
You will need to employ a data protection regime which means everyone across Europe has the same rights if not actions can be enforced if not complied with. It also allows governing bodies to regulate organisations within the UK. Fines can be introduced to not only organisations but also individuals.
Any data protection regulation breach within a business has to be reported to the regulatory body within 72 hours of first becoming aware of the breach. Reporting the breach means you also have to tell the regulatory body what you are doing about it, if this affects a specific individuals data you also have to ensure they are aware along with the effects it may have on their specific data.
Compliance with new laws
To prove you are compliant with the GDPR there will be trust marks released, compliance with any of these will showcase your business or organisation is being complaint. Ultimately, you can be checked by a court who will decide if you have been compliant with new laws and will take action if you have not been.
How to ensure you are being compliant?
Check data you already have, whether this is on individuals or on a business. Not only do the new general data protection regulation laws affect the data you will be collecting in the future, it also affects the data you currently have stored within your organisation.
Here are a few things you need to know:
- What personal information have you already got?
- Where did you get it from?
- Where do you hold it?
- What permission have you received to hold the data?
- Are you holding the data legally?
- Are you holding it inline with permissions the data subject gave to you?
If not you need to take the right steps to ensure you are dealing with the data in the right way. We recommend taking a data flow audit to ensure that all your data complies with the new laws.
If you would like more information on how you can train individuals along with your company we recommend taking a look at the IT Governance website, they provide a range of information regarding each part of General Data Protection Regulations.
How GDPR laws may affect your business?
For marketing agencies or organisation with in-house marketing teams, you may have to look at your business strategy and think about how you are collecting personal information from customers. Marketing automation and CRM systems are two tools you will have to take into consideration when collecting personal information. Before you do so, you have to state with each customer why you are taking information, where it will be stored and what you are using it for.
If you are an organisation that collects large amounts of personal information, you may need to employ a data protection officer, who can take care of the processes.
There are three main areas you need to take into consideration when creating a website or marketing campaign whereby you collect information these include data permission, data access and data focus.
Data permission
Data permission is all about how you allow the customer to opt-in and how you manage them. Unfortunately, you cannot assume the customer wants to receive marketing material or promotional offers from your organisation. New GDPR laws state the customer has to express consent which is reinforced in a clear affirmative action. This means in the future any leads, prospective customers and current customers all have to opt-in and confirm they want to be contacted.
An example of this is shown below; you can see we have given the customer the option to receive marketing emails:
Data access
Data access essentially means individuals have greater access to their personal data along with more control over how it is collected and the way in which it is used. The individual has the right to ask for the data to be removed and can also ask the business or organisation holding their personal information for the data. The best way for your business to comply with this information if you are using marketing tools such as email marketing is a simple unsubscribe button.
Data focus
Data focus means any data you collect needs to be specific, as marketers we often collect more data than necessary to help us create the best customer profile. New GDPR laws require every business and organisation to legally justify why they have collected personal data and what they are using it for.
Benefits of new GDPR
A great part of the new GDPR laws is it will improve the customer relationships if customers are aware of your compliance with data protection laws your brand is more likely to build trust with potential and current customers.
It will help improve brand image along with brand reputation; customers are opting in for the information which helps build customer relationships. Customers who have chosen to opt into your email marketing campaigns are more likely to be engaged with the content, therefore, increasing click-through rates to the website.
Customers feel more valued as they know their data is more valuable to the business. Before the GDPR laws, customers may have been more cautious about where their personal information went and what companies did with it.
Summary
Make sure your organisation or business is fully compliant with new GDPR laws as of the 25th May 2018, if not you could be in for a significant fine. One of the best ways to do this is to carry out an audit of how you collect the data, where the data goes and how the business stores it. Alternatively, you could look at employing a data protection officer to make sure your process is correct with those stated in the general data protection regulations.
If you are a marketing agency or have an in-house marketing team, you do not need to panic, while you may see a reduction in the data collected you will have rich and valuable information. Ensure all data collection methods have an opt-in and opt-out option, so customers have the choice to receive your marketing messages.
If you would like any more information on the new general data protection regulation laws feel free to take a look at ICO.